Mercurial > openid
diff src/ur/openidUser.ur @ 54:1876aa854263
Merge from upstream.
author | Karn Kallio <kkallio@eka> |
---|---|
date | Mon, 04 Jul 2011 10:36:15 -0430 |
parents | 72e942423f26 |
children | 9c83592de908 328a429dfedb |
line wrap: on
line diff
--- a/src/ur/openidUser.ur Sun Jul 03 14:39:26 2011 -0430 +++ b/src/ur/openidUser.ur Mon Jul 04 10:36:15 2011 -0430 @@ -84,7 +84,11 @@ if b then return M.afterLogout else - currentUrl + b <- currentUrlHasQueryString; + if b then + return M.afterLogout + else + currentUrl val current = login <- getCookie auth; @@ -117,6 +121,14 @@ clearCookie auth; redirect M.afterLogout + fun newSession identO = + ses <- nextval sessionIds; + now <- now; + key <- rand; + dml (INSERT INTO session (Id, Key, Identifier, Expires) + VALUES ({[ses]}, {[key]}, {[identO]}, {[addSeconds now M.sessionLifetime]})); + return {Session = ses, Key = key} + fun signupDetails after = let fun finishSignup uid data = @@ -146,6 +158,9 @@ case cols of Failure s => return (Some s) | Success cols => + dml (DELETE FROM session + WHERE Id = {[ses.Session]}); + ses <- newSession (Some ident); setCookie auth {Value = LoggedIn ({User = uid} ++ ses), Expires = None, Secure = M.secureCookies}; @@ -195,9 +210,12 @@ if invalid then error <xml>Invalid or expired session</xml> else - dml (UPDATE session - SET Identifier = {[Some ident]} + dml (DELETE FROM session WHERE Id = {[signup.Session]}); + ses <- newSession (Some ident); + setCookie auth {Value = SigningUp ses, + Expires = None, + Secure = M.secureCookies}; signupDetails after | Some (LoggedIn login) => if login.Session <> ses then @@ -210,9 +228,12 @@ if invalid then error <xml>Invalid or expired session</xml> else - dml (UPDATE session - SET Identifier = {[Some ident]} + dml (DELETE FROM session WHERE Id = {[login.Session]}); + ses <- newSession (Some ident); + setCookie auth {Value = LoggedIn ({User = login.User} ++ ses), + Expires = None, + Secure = M.secureCookies}; redirect (bless after) | None => error <xml>Missing session cookie</xml> @@ -245,14 +266,6 @@ redirect (bless after) | None => error <xml>Missing session cookie</xml> - fun newSession () = - ses <- nextval sessionIds; - now <- now; - key <- rand; - dml (INSERT INTO session (Id, Key, Identifier, Expires) - VALUES ({[ses]}, {[key]}, NULL, {[addSeconds now M.sessionLifetime]})); - return {Session = ses, Key = key} - fun logon after r = ident <- oneOrNoRowsE1 (SELECT (identity.Identifier) FROM identity @@ -261,7 +274,7 @@ case ident of None => error <xml>Username not found</xml> | Some ident => - ses <- newSession (); + ses <- newSession None; setCookie auth {Value = LoggedIn (r ++ ses), Expires = None, Secure = M.secureCookies}; @@ -276,7 +289,7 @@ error <xml>Login with your identity provider failed: {[msg]}</xml> fun doSignup after r = - ses <- newSession (); + ses <- newSession None; setCookie auth {Value = SigningUp ses, Expires = None, Secure = M.secureCookies};